Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
28s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20/03/2025, 20:51
General
-
Target
NoisettesBlueprints/NoisettesBlueprints.exe
-
Size
7.1MB
-
MD5
9f4c52e45f7560f487c0e9ec9354de34
-
SHA1
cb909a9e5a73f23eac7d25c5c2aac39460ae8bfc
-
SHA256
749823c7086831751302abc32b7d0bda2e916693db549d8534c5cf441569aecf
-
SHA512
01792abc842531c3be995059959c41781f5849b9ed7256b98e2e503765bc27424a1182afc044f4cdad2172a5fc77123917f45e955f3c034eaeb6e7eba88f529f
-
SSDEEP
196608:RCT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7olJad0+:RCT+aoqbCdQyftQJad0+
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NoisettesBlueprints\NoisettesBlueprints.exe"C:\Users\Admin\AppData\Local\Temp\NoisettesBlueprints\NoisettesBlueprints.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\NoisettesBlueprints\NoisettesBlueprints.exe"C:\Users\Admin\AppData\Local\Temp\NoisettesBlueprints\NoisettesBlueprints.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.9MB
MD587bb8d7f9f22e11d2a3c196ee9bf36a5
SHA145dfcb22987f5a20a9b32410336c0d097ca91b35
SHA2561269f15b1c8daa25af81e6ad22f9bcebfd2c76aec81c18c6d800460b7105bf98
SHA51275bb2ae36b693e2a1e5ba003503d07ba975f9436fb3da9bf3fc4087a281cb172fa9bd13ad6fc27a62f796af6cbe0c800e2a169c65949a96bd4d0e150f4858288